How to protect yourself from Cryptolocker while there's still time
Law enforcement from around the world came together last week in an impressive sinkholing operation designed to disrupt two of the most troublesome pieces of malware on the planet: GameOver Zeus and Cryptolocker. These two spent much of last winter tearing through computers around the world, encrypting all the files on the hard drive and demanding payment to restore them. The NCA has estimated that around 15,000 computers may currently be infected in the UK. Worldwide, it runs into the millions.
Over the weekend, police managed to sinkhole the entire GameOver Zeus botnet infrastructure, and seized control of Cryptolocker's command-and-control servers. So great news for white hats everywhere. But then the UK's National Cyber Crime Unit put out a perplexing piece of advice: users now have two weeks to protect themselves from these two cyber nasties. So what does that mean? Why two weeks? And what can you do to protect yourself?
Queen's speech proposes life sentences for cyber criminals in the UK
Edward Snowden is on the run, living in exile as a means to evade the long arm of US law. The United States seems keen to have him prosecuted for leaking documents that have arguably put national security at risk. He acted in good faith, but has been branded a cyber criminal. Today in the UK, the Queen gave her annual speech -- well, it's really a speech written by the government, but dear Liz reads it out so she gets to call it hers -- and she revealed that cyber criminals could face life sentences for their endeavors, and that existing punishments for digital crimes cold become harsher.
Singled out for particular attention are those "cyberattacks which result in loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof". Those committing such acts could be put behind bars for life. But the proposals do not end there. The aging Computer Misuse Act could be updated, so that criminals that cause "a significant risk of severe economic or environmental damage or social disruption" incur a 14 year term compared to the current 10.
Companies need a data-centred security policy to cope with big data
Big data is all the rage at the moment but when it comes to security it shouldn't be treated in isolation from the rest of the organization.
According to a new report from research specialists Gartner, policies need to take account of all forms of data if security problems are to be avoided.
The new industrial revolution -- machines rise up to become our equals
The Internet of Things is just the latest buzzword that is being used to push all manner of products. Let's cut to the chase -- it's just about "stuff" (other than obvious things like computers and phones) connecting to the internet. Nothing more than that. But this dismissive-sounding definition is not meant to undermine the importance or the significance of the IoT. We've spent the last 20 years or so getting used to the idea of accessing the web, harnessing what it has to offer, exploiting it in various ways and finding all manner of methods of using it to make life easier, more entertaining, and more profitable. The evolution of the Internet of Things sees this taken to the next level.
We are on the cusp of a new industrial revolution. Many would say that the wheels are already in motion. The tired -- very, very tired -- example of what the Internet of Things is about, is the prospect of owning a fridge that will be aware of when you run out of milk, and then either alert you or place an order on your behalf. This is a very simplistic view of things, but it is the communication between devices that will be the hallmark of things to come. Inter-device communication, or machine-to-machine (M2M) connectivity. Devices that can be left to their own devices (ahem) are approaching in ever-growing numbers, and there are advantages to be gained.
Ad-Aware Free Antivirus learns to plays nice with other antivirus tools, improves malware engine
LavaSoft has released Ad-Aware Free Antivirus 11.2, a significant update to the Swedish security developer’s range of free and paid-for PC security products.
Version 11.2 tweaks its malware engine and improves the disinfection process, but also introduces a new option that enables users to install it alongside existing security software.
Google offers End-To-End encryption with new alpha Chrome extension
Today, Google took the wraps off a new security tool for Chrome users. Currently available as an alpha release, End-To-End is an extension for Google's browser that offers... well... end-to-end encryption for data arriving in and departing from Chrome. As this is only an alpha version, the extension is not currently available in the Chrome Web Store, but Google has made the code available so the privacy-conscious and security-minded can take it for a test drive.
Based on OpenPGP and a newly developed, JavaScript-based crypto library, End-to-End can be used to encrypt, decrypt, digitally sign, and verify signed messages. Google is keen to receive feedback -- discover a problem and you could cash in, thanks to the Vulnerability Reward Program. In a post on the Google Online Security Blog, Stephan Somogyi, Product Manager, Security and Privacy explains that "we recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection. But we hope that the End-To-End extension will make it quicker and easier for people to get that extra layer of security should they need it".
Flash! We’ve only got 336 hours to save the world from a powerful computer attack!
Symantec's cloud storage experiment fails completely -- Norton Zone set to close
While there’s certainly no shortage of cloud storage solutions to choose from, Norton Zone’s appeal -- on paper at least -- is the security it offers users. Content is encrypted when uploaded and stored in Symantec’s own secure data center, and the service automatically scans files for malware before they can be downloaded. As is fairly typical, you get 5GB of storage for free.
Or rather you did. Symantec has made the decision to discontinue Norton Zone and wind down support of the service over the next 30 to 60 days.
US Department of Defense gives nod of approval to five Samsung Galaxy devices
South Korean manufacturer Samsung announced, earlier today, that five of its Knox-enabled Galaxy smartphones and tablets have been approved by the US Department of Defense for use on its unclassified defense networks.
The devices in question are the Galaxy S4, Galaxy S4 Active, Galaxy Note 3, Galaxy Note Pro 12.2 and Galaxy Note 10.1 2014 Edition, running Android 4.4 KitKat, with Knox 1.x in tow. The company's latest smartphone flagship, the Galaxy S5, as well as other Android handsets sporting Knox 2.x have not received the nod of approval from the DOD, which would have allowed them to be included in the Defense Information System Agency's Approved Product List (APL).
Olympus has fallen: Microsoft and the FBI take down Zeus botnet
Microsoft has a digital crimes unit, which it has utilized to systematically go after botnets around the world. The company claims several victories, but none is likely as big as the one now unveiled.
Zeus, an especially troubling entity, has been taken down by a combination of the Microsoft DCU and the US FBI. The company announces that the game is now over for "GameOver", a variant of Zeus (also known as Zbot).
Big Blue is watching you -- IBM patent aims to help stamp out fraud
Proving who you are online is usually a matter of entering passwords or other codes. Which means if your information falls into the wrong hands someone else would have no problem pretending to be you.
IBM has been working on this problem and has patented a technique that analyzes online behaviour to work out if you really are who you say you are.
Reset the Net shows a groundswell of opposition to the NSA
Internet heavyweights such as Reddit, Imgur, BoingBoing and the WikiLeaks Party are joining forces to encourage internet users to take control of their privacy. Reset The Net is a campaign that flips the virtual bird at the NSA by inviting people to make use of privacy and encryption tools to keep themselves protected online. Also involved are such names as Greenpeace, Amnesty International and the Electronic Frontier Foundation, and the campaign is gathering momentum as internet citizens find themselves increasingly disillusioned by the post-Snowden world.
We have already seen an upsurge in the use of online encryption, but this has been largely employed by those who are more technically minded. The Reset the Net website asks web users to make a pledge: "On June 5, I will take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same". Reset the Net is not an end in itself, but more of an awareness-raising campaign that aims to educate people as much as send a message to the NSA and its ilk.
New partnership brings easy-to-use encryption to Microsoft email users
The best way to keep data from emails and attachments from falling into the wrong hands is to use some form of encryption. But it needs to be easy to use if it's going to be effective.
Systems integrator and network consultancy BrightPlanIT has announced a partnership with DataMotion that will see it reselling cloud-based solutions for secure email, file transfer, customer contact and forms processing.
Ensuring mobile apps are safe for the enterprise
We reported last week on how misconfigured apps are likely to account for many security breaches. This is a particular problem for companies that allow BYOD as it may put corporate data at risk.
Cloud-based mobile security specialist Mojave Networks has a solution in the form of a new application reputation feature to provide enterprises with detailed insight into the applications that are being run on employee mobile devices.
The most popular stories on BetaNews this past week - May 25 -- May 31
No week would be complete without a little Windows news, and this week was no different. A registry hack emerged that should make it possible to receive updates for the no-longer-supported Windows XP right up until 2019. Microsoft later spoiled the fun by pointing out that it could lead to problems as the updates that would be made available as a result of implementing the hack would not be designed for regular desktop versions of Windows XP.
Last week we were wondering why it took eBay quite so long to warn users to update their passwords after a security breach earlier in the year. This week we discovered that it was because the company was under the impression that no user data had been accessed. Apple forgot to renew its SSL certificate, and in another Apple-related security story, a hacker managed to take control of iOS and Mac devices, and hold them ransom. To console itself, the company then splashed the cash on Beats Music -- Joe pondered whether this was just another indication of Apple's lack of innovation.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.
